The process of granting permission for Non-Human Identities (NHIs) to access specific resources or perform actions within a system.
Description
Authorization in the context of Non-Human Identities (NHIs) refers to the mechanisms and policies that determine what actions and resources are available to entities that are not human, such as applications, services, or devices. NHIs often require access to various systems, data, or functionalities to perform their designated tasks. Effective authorization ensures that these entities can only access the resources they are permitted to use, protecting sensitive information and system integrity. This process typically involves the verification of credentials and the enforcement of policies that define the scope of access based on roles, attributes, or predefined rules. Moreover, with the rise of automation and machine-to-machine interactions, managing NHI authorization has become critical for security and compliance, necessitating robust frameworks that can adapt to dynamic environments and varying access needs.
Examples
- An IoT device authorized to send data to a cloud service.
- A microservice that is granted permission to access a database for specific operations.
Additional Information
- Authorization can be role-based, attribute-based, or policy-based.
- Regular audits are essential to ensure that NHIs have appropriate access levels.
References
- What is a Non-Human Identity? - CyberArk
- Security Operations for Non-Human Identities - The Hacker News
- A Human's Guide to Non-Human Identities (NHIs) - Aembit
- The Complete Guide to the Growing Impact of Non-Human Identities ...
- Securing non-human identities: Why fragmented strategies fail
- NHI Characteristics. Non-Human Identities (NHIs)… | Sep, 2024
- What is a Non-Human Identity? | Silverfort Glossary
- The Invisible Army of Non-Human Identities - Dark Reading
- What Are Non-Human Identities? - ConductorOne